On Tue, 4 Jun 2002, Balazs Scheidler wrote: > I'd like to make tproxies easier to administer, so I'm thinking about a > simple way of matching tproxied packets, which can be ACCEPTed from the > INPUT chain. > > Possible solutions: > > * use a new state (called TPROXY), which would be applied to all TPROXYed > packets (might interact badly with nat/conntrack). > * have the tproxy framework mark all packets with an fwmark, and let the > packets in based on the value of fwmark > * have a separate match (called tproxy), which matches tproxied sessions > based on some value stored in the associated conntrack entry > > which one do you prefer?
The latter seems to me the best solution. Regards, Jozsef - E-mail : [EMAIL PROTECTED], [EMAIL PROTECTED] WWW-Home: http://www.kfki.hu/~kadlec Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary